1. Field of the Invention
The present invention concerns access security for digital data. More particularly, the invention is implemented in a storage or device controller to regulate data security using a key and other parameters stored in metadata. Among other benefits, this enables the storage controller or device to be attached directly to a network without compromising security or having to add an intermediate server to perform security functions.
2. Description of the Related Art
To get the most out of their storage systems, system administrators often provide common storage for access by multiple different users. The common storage is often coupled to individual user computers via intermediate hardware such as storage servers and networks. The common storage may be a single device, but more often comprises many different physical storage devices. Some examples of multi-user storage systems are: (1) corporate Intranet systems accessed by employee users, (2) telephone records accessible by telephone operator-users located around the state, nation, or world, (3) banking records accessed by remote customer-users operating automatic teller machines, and (4) engineering design specifications or models accessed by engineer-users working together on a technical project. A variety of other arrangements are also known.
In these systems, security of common storage is one difficult challenge facing storage system engineers. Since the common storage is effectively coupled to all users (via intermediate server machines), it is often necessary to consider the user's identity in deciding whether to provide (or deny) access to stored data. Some data may be suitable for all users to access, whereas other data may be only suitable for access by selected users. As an example, it may be desirable to provide all employees of the company access to the company's telephone directory stored on a common storage facility, while making personnel files available only to those in the human resources department.
Many known data security mechanisms address this problem by operating a central host or server as an access gate. This is feasible when the server alone is attached to the common storage, and therefore constitutes a natural gate. In this arrangement, all access requests are routed through this server, which accepts or rejects each request according to the identity of the requesting user and the content of the request. The server implements its security features by running a security software program. As one variation of this arrangement, there may be multiple servers coupled to the common storage, with each server running the same security program under the same operating system. These multiple servers can provide more users with concurrent access to the common storage. One example of a server comprises an IBM model S/390 product using the MVS operating system, where each server is coupled to a RAMAC storage subsystem.
Although conventional server-based storage configurations have proven satisfactory in many cases, many organizations are moving toward "network attached storage," which aims to save costs by placing storage systems directly on the network and thereby avoiding intermediate server machines. For especially convenient widespread and accessible use, storage systems are even coupled directly to the Internet in many cases. This avoids the need to purchase a dedicated server machine to serve as an intermediate security gate. This arrangement is especially beneficial for data that is being distributed, posted, or otherwise made available to users on a "read-only" basis because known mechanisms at the device or storage controller level may be invoked to universally prevent changes to the data.
Although this arrangement is beneficial insofar as it saves costs and conveniently makes data widely available, there are still some limitations. Chiefly, conventional network attached storage is not adequate for those users seeking to make data widely accessible yet selectively permit some users to modify and delete data. To implement more advanced security schemes, network designers must add in intermediate security gates such as storage servers. In addition to the added cost, compatibility problems can arise, especially with data that is being shared on such a widespread basis as the Internet. Namely, it may be difficult or prohibitively expensive to program the server with a security scheme that is compatible with a diverse array of expected machines, such as WINDOWS machines, UNIX machines, MVS computers, SUN workstations, etc.
Consequently, known storage and security arrangements are not completely adequate due to these and other unsolved problems.
Broadly, the invention provides access security for stored digital data by using a storage or device controller to regulate data security according to a security key and other parameters stored in metadata. This enables the storage controller or device to be attached directly to a network without compromising security or having to add an intermediate server to perform security functions.
The storage system of this invention includes a storage controller coupled to a digital data storage. The controller is also coupled to, or at least accessible by, one or more hosts. The digital data storage contains host-accessible user data accessed by the storage controller on behalf of hosts, as well as host-inaccessible metadata used by the storage controller to manage the user data. Initially, the storage controller receives a write request from one of the hosts. Such a request includes a proposed key and target data to be written to storage. The storage controller stores the target data as host-accessible user data, and also stores the key as host-inaccessible metadata associated with the target data. Thereafter, the storage controller requires hosts to provide a key matching or having another prescribed relation to the stored key as a condition to granting future host requests to access the stored target data.
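The write path and the later key-gated access path described above, simulated as an added example (this is illustrative code, not code from the patent or from any product it names). The controller keeps user data and metadata in two separate stores; no host-facing method ever returns the metadata. The record-id addressing, the delete operation, the constant-time comparison, and the hashed-key variant of the "prescribed relation" are assumptions chosen for the illustration:

```python
import hashlib
import hmac


class AccessDenied(Exception):
    """Raised when a host request fails the key check."""


def exact_match(stored_key: bytes, presented_key: bytes) -> bool:
    """Default relation: the presented key must equal the stored key.

    compare_digest is used so the check does not leak key material through
    timing (an assumption; the text only requires a match)."""
    return hmac.compare_digest(stored_key, presented_key)


def digest_match(stored_key: bytes, presented_key: bytes) -> bool:
    """Alternative relation (assumed): metadata holds only SHA-256 of the key,
    so a leak of the metadata does not expose the key itself."""
    return hmac.compare_digest(stored_key, hashlib.sha256(presented_key).digest())


class StorageController:
    """Simulated controller sitting between hosts and the digital data storage."""

    def __init__(self, key_transform=lambda k: k, key_relation=exact_match):
        self._user_data = {}   # host-accessible user data, by record id (assumed scheme)
        self._metadata = {}    # host-inaccessible metadata: the key recorded per record
        self._key_transform = key_transform  # applied to the key before it is recorded
        self._key_relation = key_relation    # how a presented key must relate to it

    def _check_key(self, record_id, presented_key):
        stored = self._metadata.get(record_id)
        if stored is None:
            raise KeyError(f"no such record: {record_id}")
        if not self._key_relation(stored, bytes(presented_key)):
            raise AccessDenied(f"key check failed for record {record_id}")

    def write(self, record_id, target_data, proposed_key):
        """Initial write: data goes to user storage, the key to metadata.
        Overwriting an existing record is a later access, so the stored key
        must be satisfied first."""
        if record_id in self._metadata:
            self._check_key(record_id, proposed_key)
        self._user_data[record_id] = bytes(target_data)
        self._metadata[record_id] = self._key_transform(bytes(proposed_key))

    def read(self, record_id, key):
        self._check_key(record_id, key)
        return self._user_data[record_id]

    def delete(self, record_id, key):
        self._check_key(record_id, key)
        del self._user_data[record_id]
        del self._metadata[record_id]

    def exists(self, record_id):
        return record_id in self._user_data


def attempt(action, *args):
    """Issues a host request and reports whether the controller granted it."""
    try:
        action(*args)
        return "granted"
    except AccessDenied:
        return "denied"


def demo(controller):
    """Runs a constructed exchange: two records with different keys, then
    access attempts with right and wrong keys."""
    controller.write("phone-directory", b"ext 100: alice", b"dir-key")
    controller.write("personnel-file", b"salary: redacted", b"hr-key")
    return {
        "read_with_right_key": controller.read("phone-directory", b"dir-key"),
        "read_with_wrong_key": attempt(controller.read, "personnel-file", b"dir-key"),
        "overwrite_with_wrong_key": attempt(controller.write, "personnel-file", b"x", b"dir-key"),
        "delete_with_right_key": attempt(controller.delete, "personnel-file", b"hr-key"),
        "record_still_exists": controller.exists("personnel-file"),
    }


if __name__ == "__main__":
    print("exact key :", demo(StorageController()))
    print("hashed key:", demo(StorageController(
        key_transform=lambda k: hashlib.sha256(k).digest(), key_relation=digest_match)))
```

Both controller variants produce the same outcomes: the phone-directory read succeeds with its key, every request against the personnel file with the directory key is refused, and the file is removed only when the key it was written with is presented. The hashed-key variant shows one way the "prescribed relation" can differ from plain equality while keeping the same host-visible behaviour.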
In one embodiment, the invention may be implemented to provide a method of conditioning host access to stored data according to keys stored in host-inaccessible metadata. In another embodiment, the invention may be implemented to provide an apparatus, such as a data storage system, utilizing storage controllers configured to condition host access to stored data according to keys stored in host-inaccessible metadata. In still another embodiment, the invention may be implemented to provide a signal-bearing medium tangibly embodying a program of machine-readable instructions executable by a machine such as a storage controller to manage storage as discussed herein. Similarly, the invention may also be embodied by logic circuitry configured to manage storage as discussed herein.
The invention affords its users certain distinct advantages. For instance, by using a storage controller rather than a server or host machine as a security gate, the invention provides storage security for a variety of different host computers that utilize comparatively incompatible operating systems. As another benefit, the invention is inexpensive because it may be implemented to provide data security using a network attached storage controller without using an expensive server machine. Similarly, the invention does not burden the processing and input/output resources of existing host machines with security functions, since security is implemented at the storage controller level. The invention is also beneficial because it provides flexibility in implementation and may be applied in a variety of different environments. For instance, the invention may be applied to sound recordings to limit playback to users that have purchased an appropriate key. The invention also provides a number of other advantages and benefits, which should be apparent from the following description of the invention.